Thanks but tried that and no joy. I think there might be an error in the code
in the Immutable article.
I get this error in ossec.log:
rules_list: Signature ID '31108' not found. Invalid 'if_sid'
Cheers,
Mike
________________________________
From: [email protected] [mailto:[email protected]] On
Behalf Of Frank Stefan Sundberg Solli
Sent: Wednesday, September 07, 2011 2:48 PM
To: [email protected]
Subject: Re: [ossec-list] Detecting the Apache Range Header DoS Attack
That's local_rules
On Wed, Sep 7, 2011 at 9:40 AM, Mike Disley
<[email protected]> wrote:
Excellent write up. Would you put this rule in the local_rules or web_rules
file?
Cheers,
Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Michael Starks
Sent: Sunday, August 28, 2011 12:42 PM
To: [email protected]
Subject: [ossec-list] Detecting the Apache Range Header DoS Attack
http://www.immutablesecurity.com/index.php/2011/08/28/detecting-the-apache-range-header-dos-attack-with-ossec/
Testing of the rules and feedback appreciated.
--
MVH/With regards
Frank
--
Name: Frank Stefan Sundberg Solli
E-mail: [email protected]
Web: http://fssol.blogspot.com
GPG: 684119F4